November 13, 2007

network

1. TCP/IP three-way handshake (synchronization)

1. The client sends a SYN segment to the server to synchronize the sequence numbers. It specifies its initial sequence number (ISN) (8221822). To initialize a connection, the client and server must synchronize each other’s sequence numbers. There is also an option for the Maximum Segment Size (MSS) to be set, which is defined by the length (len: 4). This option communicates the maximum segment size the sender wants to receive. The Acknowledgement field (ack: 0) is set to zero because this is the first part of the three-way handshake.

2. In the second frame, the server sends an ACK and a SYN on this segment (TCP .A..S.). In this segment the server is acknowledging the request of the client for synchronization.

At the same time, the server is also sending its own SYN request to the client for synchronization of its sequence numbers (1109645). The server transmits an acknowledgement number (8221823) to the client. The server increments the client’s sequence number by one and uses it as its acknowledgement number.

3. In the third frame, the client sends an ACK of seq (8221823) on this segment (TCP .A....). In this segment, the client is acknowledging the request from the server for synchronization with ACK (1109646).

An HTTP-based SSL connection is always initiated by the client using a URL starting with https:// instead of with http://. At the beginning of an SSL session, an SSL handshake is performed. This handshake produces the cryptographic parameters of the session. A simplified overview of how the SSL handshake is processed is shown in the diagram below.

The client sends a client “hello” message that lists the cryptographic capabilities of the client (sorted in client preference order), such as the version of SSL, the cipher suites supported by the client, and the data compression methods supported by the client. The message also contains a 28-byte random number.

The server responds with a server “hello” message that contains the cryptographic method (cipher suite) and the data compression method selected by the server, the session ID, and another random number. Note: The client and the server must support at least one common cipher suite, or else the handshake fails. The server generally chooses the strongest common cipher suite.

The server sends its digital certificate. (In this example, the server uses X.509 V3 digital certificates with SSL.) If the server uses SSL V3, and if the server application (for example, the Web server) requires a digital certificate for client authentication, the server sends a “digital certificate request” message. In the “digital certificate request” message, the server sends a list of the types of digital certificates supported and the distinguished names of acceptable certificate authorities.

The server sends a server “hello done” message and waits for a client response.

Upon receipt of the server “hello done” message, the client (the Web browser) verifies the validity of the server’s digital certificate and checks that the server’s “hello” parameters are acceptable. If the server requested a client digital certificate, the client sends a digital certificate, or if no suitable digital certificate is available, the client sends a “no digital certificate” alert. This alert is only a warning, but the server application can fail the session if client authentication is mandatory.

The client sends a “client key exchange” message. This message contains the pre-master secret, a 46-byte random number used in the generation of the symmetric encryption keys and the message authentication code (MAC) keys, encrypted with the public key of the server. If the client sent a digital certificate to the server, the client sends a “digital certificate verify” message signed with the client’s private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.

Note: An additional process to verify the server digital certificate is not necessary. If the server does not have the private key that belongs to the digital certificate, it cannot decrypt the pre-master secret and create the correct keys for the symmetric encryption algorithm, and the handshake fails.

The client uses a series of cryptographic operations to convert the pre-master secret into a master secret, from which all key material required for encryption and message authentication is derived. Then the client sends a “change cipher spec” message to make the server switch to the newly negotiated cipher suite. The next message sent by the client (the “finished” message) is the first message encrypted with this cipher method and keys.

The server responds with a “change cipher spec” and a “finished” message of its own.

The SSL handshake ends, and encrypted application data can be sent.

2. IP address

IP subnetting: for instance, a Class C network has a fixed network mask length of 24 bits. To subnet this network, MORE than 24 bits must be set to ‘1’ on the left side of the subnet mask. For instance, the 25-bit mask 255.255.255.128 (11111111.11111111.11111111.10000000) applied to 192.168.1.0 creates two subnets, as there is one extra bit of mask: 192.168.1.0 and 192.168.1.128 (xxxxxxxx.xxxxxxxx.xxxxxxxx.[0/1]0000000).

A two-bit subnet number can support up to four subnets, a three-bit number supports up to eight subnets, and so on.

Summary: n extra mask bits divide the network into 2^n subnets.

CIDR is an alternative to traditional IP subnetting that organizes IP addresses into subnetworks independent of the value of the addresses themselves.
CIDR is also known as supernetting as it effectively allows multiple subnets to be grouped together for network routing (the subnet mask length is LESS than the default subnet mask length).

For example, 192.168.12.0/23 applies the network mask 255.255.254.0 to the 192.168 network, starting at 192.168.12.0. This notation represents the address range 192.168.12.0 – 192.168.13.255. Compared to traditional class-based networking, 192.168.12.0/23 represents an aggregation of the two Class C subnets 192.168.12.0 and 192.168.13.0 each having a subnet mask of 255.255.255.0. In other words,

Data type struct in_addr – this data type is used in certain contexts to contain an Internet host address. It has just one field, named s_addr, which records the host address number as an unsigned long int in network order.
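The subnetting and CIDR arithmetic above, worked through in C with the addresses used in these notes (192.168.1.0/25 and 192.168.12.0/23). This is an added example, not code from the original notes; the function names are illustrative, and it relies on struct in_addr holding s_addr in network byte order, so values are converted with ntohl() before masking.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Netmask for a prefix length, host byte order. */
static uint32_t prefix_to_mask(int prefix)
{
    /* shifting a 32-bit value by 32 is undefined, so the ends are handled separately */
    if (prefix <= 0)
        return 0u;
    return prefix >= 32 ? 0xFFFFFFFFu : 0xFFFFFFFFu << (32 - prefix);
}

/* Dotted-quad text to a host-order integer; returns 0 on success, -1 on bad input. */
static int parse_ipv4(const char *text, uint32_t *out)
{
    struct in_addr a;                /* s_addr comes back in network byte order */
    if (inet_pton(AF_INET, text, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);          /* convert before masking or comparing */
    return 0;
}

/* First address of the block that contains addr. */
static uint32_t network_of(uint32_t addr, int prefix)
{
    return addr & prefix_to_mask(prefix);
}

/* Last address of the block that contains addr. */
static uint32_t last_of(uint32_t addr, int prefix)
{
    return addr | ~prefix_to_mask(prefix);
}

/* Subnets created by lengthening the mask from default_prefix to prefix. */
static unsigned subnet_count(int default_prefix, int prefix)
{
    if (prefix < default_prefix || prefix - default_prefix > 31)
        return 0;
    return 1u << (prefix - default_prefix);
}

/* 1 if addr is inside net/prefix, 0 if not, -1 if a string or the prefix is invalid. */
static int cidr_contains(const char *net, int prefix, const char *addr)
{
    uint32_t n = 0, a = 0;
    if (prefix < 0 || prefix > 32 || parse_ipv4(net, &n) || parse_ipv4(addr, &a))
        return -1;
    return network_of(a, prefix) == network_of(n, prefix);
}

/* Print the first and last address of net/prefix in dotted-quad form. */
static void print_block(const char *net, int prefix)
{
    uint32_t n = 0;
    char first[INET_ADDRSTRLEN], last[INET_ADDRSTRLEN];
    struct in_addr lo, hi;
    if (prefix < 0 || prefix > 32 || parse_ipv4(net, &n))
        return;
    lo.s_addr = htonl(network_of(n, prefix));
    hi.s_addr = htonl(last_of(n, prefix));
    inet_ntop(AF_INET, &lo, first, sizeof first);
    inet_ntop(AF_INET, &hi, last, sizeof last);
    printf("%s/%d -> %s - %s\n", net, prefix, first, last);
}

int main(void)
{
    print_block("192.168.1.0", 25);     /* first /25 half of the Class C network */
    print_block("192.168.1.128", 25);   /* second /25 half */
    print_block("192.168.12.0", 23);    /* supernet of two Class C networks */
    printf("subnets from 1 extra bit: %u\n", subnet_count(24, 25));
    printf("192.168.13.77 in 192.168.12.0/23: %d\n",
           cidr_contains("192.168.12.0", 23, "192.168.13.77"));
    return 0;
}
```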

So, s is a pointer to a short, and is now looking at byte location 0 (which has W) and byte location s+1 (which has X). What happens when we read the value at s?

I think a short is two bytes, so I’ll read them off: location s is address 0 (W, or 0x12) and location s + 1 is address 1 (X, or 0x34).

Big endian machine: Since the first byte is biggest (I’m big-endian!), the number must be 256 * byte[0] + byte[1], or 256*W + X, or 0x1234.

Little endian machine: But in my world, the first byte is the littlest! The value of the short is byte[0] + 256 * byte[1], or 256*X + W, or 0x3412.

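When are htons, htonl, etc. used in socket programming?

bind, connect, sendto, and data being translated.

/* port 8080 in network byte order; htons(0) would instead let the system choose an unused port at random */
my_addr.sin_port = htons(8080);

/* any local interface */
my_addr.sin_addr.s_addr = htonl(INADDR_ANY);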
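The big-endian and little-endian readings of the bytes 0x12 0x34 described above, and the effect of leaving out htons() when filling sin_port. This is an added example, not code from the original notes; the helper names are illustrative and SAMPLE is built from the W and X values in the text.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: W = 0x12 at address 0, X = 0x34 at address 1. */
static const uint8_t SAMPLE[2] = { 0x12, 0x34 };

/* Big-endian reading: 256 * byte[0] + byte[1]. */
static uint16_t read_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Little-endian reading: byte[0] + 256 * byte[1]. */
static uint16_t read_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* What reading a short through a pointer gives on the machine running this code. */
static uint16_t read_native16(const uint8_t *p)
{
    uint16_t v;
    memcpy(&v, p, sizeof v);    /* memcpy instead of *(uint16_t *)p: no alignment trap */
    return v;
}

static int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);  /* lowest-addressed byte of the value 1 */
    return first == 1;
}

/* Port number a peer reads from the wire when sin_port is set with or without htons(). */
static uint16_t port_on_wire(uint16_t port, int use_htons)
{
    struct sockaddr_in my_addr;
    uint8_t wire[2];
    memset(&my_addr, 0, sizeof my_addr);
    my_addr.sin_family = AF_INET;
    my_addr.sin_port = use_htons ? htons(port) : port;   /* the second form is the bug */
    my_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    memcpy(wire, &my_addr.sin_port, sizeof wire);
    return read_be16(wire);     /* the network always reads the field big-endian */
}

int main(void)
{
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("big-endian reading    : 0x%04x\n", read_be16(SAMPLE));
    printf("little-endian reading : 0x%04x\n", read_le16(SAMPLE));
    printf("native reading        : 0x%04x\n", read_native16(SAMPLE));
    printf("native + ntohs()      : 0x%04x\n", ntohs(read_native16(SAMPLE)));
    printf("port with htons()     : %u\n", port_on_wire(8080, 1));
    printf("port without htons()  : %u\n", port_on_wire(8080, 0));
    return 0;
}
```

On a little-endian host the last line prints 36895 (0x901F) instead of 8080, which is how a missing htons() ends up binding or connecting to the wrong port.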

TCP/IP header checksum: what method is used?

Answer
Header Checksum: A checksum computed over the header to
provide basic protection against corruption in transmission.
This is not the more complex CRC code typically used by data
link layer technologies such as Ethernet; it’s just a 16-bit
checksum. It is calculated by dividing the header bytes into
words (a word is two bytes) and then adding them together.
The data is not checksummed, only the header. At each hop
the device receiving the datagram does the same checksum
calculation and on a mismatch, discards the datagram as damaged.
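The header checksum described in the answer, computed and verified over a constructed 20-byte IPv4 header. This is an added example, not code from the original notes; the function names and the sample header are assumptions made for illustration. The addition is a one's-complement sum whose result is inverted before it is stored, and the last helper shows why this is an error check and not an integrity control: exchanging two 16-bit words leaves the checksum valid.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header, checksum field (bytes 10-11) zeroed. */
static const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7
};
static uint8_t scratch[20];               /* working copy used by the demo helpers */

/* One's-complement sum of 16-bit big-endian words, carries folded in, then inverted. */
static uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1)                          /* odd trailing byte is padded with zero */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Header length from the IHL field, or 0 if the buffer cannot hold a valid header. */
static size_t ipv4_header_len(const uint8_t *hdr, size_t avail)
{
    if (avail < 20 || (hdr[0] >> 4) != 4)
        return 0;
    size_t len = (size_t)(hdr[0] & 0x0F) * 4;
    return (len >= 20 && len <= avail) ? len : 0;
}

/* Sender: zero the checksum field, compute over the header, store big-endian. */
static uint16_t ipv4_set_checksum(uint8_t *hdr, size_t avail)
{
    size_t len = ipv4_header_len(hdr, avail);
    if (len == 0)
        return 0;
    hdr[10] = hdr[11] = 0;
    uint16_t sum = inet_checksum(hdr, len);
    hdr[10] = (uint8_t)(sum >> 8);
    hdr[11] = (uint8_t)(sum & 0xFF);
    return sum;
}

/* Receiver (each hop): the sum over the header, checksum included, must come out 0. */
static int ipv4_header_ok(const uint8_t *hdr, size_t avail)
{
    size_t len = ipv4_header_len(hdr, avail);
    return len != 0 && inet_checksum(hdr, len) == 0;
}

/* Copy the sample into scratch and fill in its checksum. */
static uint16_t build_sample(void)
{
    memcpy(scratch, SAMPLE_HDR, sizeof scratch);
    return ipv4_set_checksum(scratch, sizeof scratch);
}

/* Flip one bit in byte `flip` (-1 leaves the header intact) and re-verify. */
static int ok_after_flip(int flip)
{
    build_sample();
    if (flip >= 0 && flip < 20)
        scratch[flip] ^= 0x01;
    return ipv4_header_ok(scratch, sizeof scratch);
}

/* Exchange two 16-bit words (bytes 14-15 and 18-19): addition ignores order. */
static int ok_after_word_swap(void)
{
    uint8_t t[2];
    build_sample();
    memcpy(t, scratch + 14, 2);
    memcpy(scratch + 14, scratch + 18, 2);
    memcpy(scratch + 18, t, 2);
    return scratch[15] == 0xc7 && ipv4_header_ok(scratch, sizeof scratch);
}

int main(void)
{
    printf("checksum=0x%04x intact=%d bitflip=%d wordswap=%d\n", build_sample(),
           ok_after_flip(-1), ok_after_flip(8), ok_after_word_swap());
    return 0;
}
```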

Code Correctness Verification

SNMP

SNMPv1 (RFCs 1155, 1157, and 1212), SNMPv2c (RFCs 1901 through 1908), and SNMPv3 (RFCs 3411 through 3418). The co-existence of all three versions is detailed in RFC 3584.

SNMPv1 is the original standard for community based management.

SNMPv2 was derived from the SNMPv1 framework but had no message definition, which was later revamped as SNMPv2c, a community based version of SNMPv2 with a message format similar to SNMPv1. SNMPv2 added several new datatypes (Counter32, Counter64, Gauge32, UInteger32, NsapAddress, and BIT STRING), as well as enhancements to OID tables and the setting of OID values. Within the MIB-II standard several OID groups are defined

SNMPv3 is an extensible SNMPv2 framework with a new message format, ACL and security abilities, and remote configuration of SNMP parameters.

An SNMP proxy agent is required only when the network has both SNMP V1 and V2 agents. SNMP V1 supports Get, GetNext, Set and Trap. SNMP V2 supports Get, GetBulk, Set, Trap and Inform. When an SNMP V2 network management service wants to get data from an SNMP V1 device, it sends a GetBulk message to the proxy agent. The proxy agent translates the GetBulk request into a GetNext request in order to get data from the SNMP V1 agent.

OID: .1.3.6.1.4.1. (.iso.org.dod.internet.private.enterprises.)

Cisco 9, Microsoft 311

Layer 2 vs. Layer 3 switch

SEGV – Tends to mean you have attempted to access a segment of memory that does not exist.
BUS – Tends to mean you have attempted to access a segment of memory that does exist but have accessed it incorrectly; sometimes certain CPUs require addresses to be aligned on certain boundaries, e.g. 8 / 16 / 32 / 64 bit addresses.

Based on experience from many years ago (and not having access to source code and the time) I learned that SIGSEGV tended to mean that you either dereferenced a NULL pointer which would mean you are trying to access a non-existent segment or that you generated and were trying to use an address which was pointing into the “text” segment.

In contrast SIGBUS basically meant that you were trying to use an address which was illegal (i.e. outside the ability of the machine to address).

Candidate UNIX qualifying questions. Candidate preparation.
- Is your current system more BSD or System IV based and why?
- How do you boot into single user mode?
- What are the options for the shutdown command?
- What is the su du command used for?
- What is a super block? http://images.google.com/imgres?imgurl=http://web.syr.edu/~nshenvi/summaryUnix_files/image003.gif&imgrefurl=http://web.syr.edu/~nshenvi/summaryUnix.htm&h=445&w=581&sz=22&hl=en&start=11&um=1&tbnid=Z9U7GxRrnK_VCM:&tbnh=103&tbnw=134&prev=/images%3Fq%3Dinode%2BSuperBlock%26svnum%3D10%26um%3D1%26hl%3Den%26sa%3DG state of the file system, size of file system, where to find space, how many files
- What command do you use to access the Super Block? fsck
- What is the difference between a symbolic and hard link? When would you use each?
- What directory holds file with the sticky bit and when is it used? /tmp
- What command do you use to change file ownership and privileges? chown, chgrp
- What is another name for the kill command?
- What is the default value if you put no options on the kill command?
- What is the letter equivalent of the -9 and -15 options? -9: KILL, -15: TERM, -1: HUP
- What are the nice and renice commands used for?
- What are the 7 fields in the /etc/passwd file? (on 1 line)
- What command do you use to create a device? What are the 2 numbers associated with it?
- What are the termcap and terminfo commands used for?
- What is /etc/remote file used for?
- What command or tool do you use to format a disk? fdisk
- How do you create a mount point for a disk partition?
- How do you create a file system on a new disk?
- Why wouldn't you use default options on mkfs?
- What is the lost+found directory and where does it live?
- Name 3 tape mediums for backup
- What is a level 0 backup? Level 1? Level 2?
- Where is the backup info kept?
- Other than dump, name 2 other backup commands.
- What is SYSLOG? How does it work?
- What is a loadable kernel module?
- What is the difference between a classful and classless IP address?

On the other hand, the use of an IP address with a subnet mask other than the default results in the standard host bits (the bits used to identify the host ID) being divided into two parts: a subnet ID and a host ID. These types of IP addresses are called classless IP addresses.

- What is a default router? Where is used?
- What protocol does ping use?
- What is the difference between a hub, a switch, and a router?
- What is the difference between DNS lookup and reverse DNS lookup?
- What is PPP?
- Do you use USENET? What version of Sendmail?
- Name 3 daemons on a UNIX system.
- What daemon is the system master daemon?
- What is the portmap daemon?
- What is the difference between x-server and x-client?

How a L2 switch works with broadcast, unicast, multicast, known/unknown traffic

VRRP, GLBP

port monitoring and mirroring

L3 switch, how it works

PIM sparse and dense modes

User(s) are complaining of delays when using the network. What would you do?

What are some of the problems associated with operating a switched LAN?

Name some of the ways of combining TCP/IP traffic and SNA traffic over the same link.

What sort of cabling is suitable for Fast Ethernet protocols?

What is a Class D IP address?

Why do I sometimes lose a server’s address when using more than one server?

What is Firewall?

How do I monitor the activity of sockets?

How would I put my socket in non-blocking mode?

What are RAW sockets?

What is the role of TCP protocol and IP protocol.

What is UDP?

How can I make my server a daemon?

How should I choose a port number for my server?

Layers in TCP/IP

How can I be sure that a UDP message is received?

How to get IP header of a UDP message

Writing UDP/SOCK_DGRAM applications

How many bytes in an IPX network address?

What is the difference between MUTEX and Semaphore?

What is priority inversion?

Different Solutions to dining philosophers problem.

What is a message queue?

Questions on Shared Memory.

What is DHCP?

Working of ping, telnet, gopher.

Can I connect two computers to internet using same line ?

Explain how traceroute, ping, and tcpdump work and what they are used for?

Describe a case where you have used these tools to troubleshoot.

What is the last major networking problem you troubleshot and solved on your own in the last year?

What LAN analyzer tools are you familiar with and describe how you use them to troubleshoot and on what media and network types.

Explain the contents of a routing table (default route, next hop, etc.)

What routing protocols have you configured?

Describe the commands to set up a route.

What routing problems have you troubleshot?

How do you display a routing table on a Cisco? On a host?

How do you use a routing table and for what?

What is a route flap?

What is a metric?

When do you use BGP, IGRP, OSPF, Static Routes?

What do you see as current networking security issues (e.g. NFS mounting, spoofing, one time passwords, etc.)?

Describe a routing filter and what it does.

Describe an access list and what it does.

What is a network management system?

Describe how SNMP works.

Describe the working environment you are currently in, e.g. frequent interruptions, frequent priority shifting, team or individual.

What do you use to write documentation? Editor? Mail reader?

What platform (s) do you currently work on at your desk?

How do you manage multiple concurrent high level projects?

Describe a recent short term stressful situation and how you managed it.

How do you manage a long term demanding stressful work environment?

Have you worked in an assignment based environment, e.g. work request/trouble ticket system, and if so, describe that environment.

Describe what network statistics or measurement tools you are familiar with and how you have used them.

Describe what a VPN is and how it works.

Describe how VoIP works.

Describe methods of QoS.

How does ToS bit work?

1. How do you implement a packet filter that distinguishes following cases and selects first case and rejects…

2. What are TP-Lite and TP-Heavy Monitors?

3. List out the benefits obtained by using the Client/Server oriented TP Monitors Client/Server applications…

4. What are the main components of Transaction-based Systems?

5. What is a TP Monitor?

6. What is the difference between an unspecified passive open and a fully specified passive open?

7. Explain the function of Transmission Control Block?

8. What is a Management Information Base (MIB)?

9. What is anonymous FTP and why would you use it?

10. What is a pseudo tty?

11. What is REX?

12. What does the Mount protocol do?

13. What is the difference between interior and exterior neighbor gateways?

14. What are the advantages and disadvantages of the three types of routing tables?

15. What is a TCP connection table?

16. What is source route?

17. What is Proxy ARP?

18. What is a Multi-homed Host?

19. What is NVT (Network Virtual Terminal)?

20. What is Gateway-to-Gateway protocol?

Latest Questions in Networking Interview Questions

1. What is the difference between packet switched, cell switched and circuit switched technology?

2. How can we configure mail-server in win2003ADS

3. What is Frame Relay?

4. Difference b/w subnetmask and default gateway

5. I have been called up for the tech interview on next week for the post of Network Engineer. Help me out…

6. What is difference between TCP/IP and UDP?

7. Encryption operation performed at what layer: 1. presentation layer 2. physical layer 3. transport layer

presentation

8. If you have 3 pc’s with static IP’s and there is one PC workstation that has FTP going through a router…

9. What are the network monitoring tools? Like what tools do you use to monitor network connections?

10. In tcp/ip udp is connection less, why?

Systems Programmer Questionnaire Rev. 3/30/99
1. What is the difference between .xinitrc and .xsession?
2. What is the difference between a gateway and a router?
3. Describe your experience with Microsoft Windows registry?
4. How many SCSI devices can be connected to a workstation with one single
channel SCSI-2 controller?
5. Name the basic data types in PERL.
6. What must a text file begin with to be recognized as postscript code?
7. What does the UNIX gutinteg command do?
8. What files, ownerships and permissions must be set for rsh to work without
a password?
9. How do you calculate the total number of blocks or sectors available on
a disk?
10. If a SCSI hard drive was formatted on a SUN workstation and no data has
yet been written to it, what needs to be done to use it on a non-SUN Linux
system?
11. Describe an SNMP application you have developed.
12. Describe the procedure for permanently modifying the initialization string
on a modem connected to a Cisco terminal server.
13. In what subdirectory is the X windows hardware configuration file
XF86Config found on a system configured with Linux?
14. Describe some of the software project management tools you have used.
15. What is the path to the shutdown command on a DEC Alpha running OS/F?
16. Name the seven most important tools a System Administrator uses?
17. Describe methods you have used to assure completion of projects on
schedule.
18. How would you set up cron entries for a non-privileged account?
19. What is the path to the sendmail configuration file?
20. How would you remove all the core files on a filesystem.
I think you can search core**
21. What is the difference between Cnews and INN?
22. Briefly describe the sequence of events when printing a file under BSD..
23. What do the options 2755 mean to chmod? -rwx r-s r-x
24. What is RAID level 5? Level 0?
25. Describe the steps, tools and procedures you have used in project
management.
26. Describe the most complex client/server anomaly you have encountered and
how you solved it.
27. Describe your experience in forecasting server load and equipment
replacement.
28. What were your considerations in specifying a PC hardware standard?

Unix Administrator Technical Interview Questions
================================================
Please answer as many questions as correctly as you can within a 1 hour
time-limit. Answers valid for the Solaris or FreeBSD operating systems are
preferred but not required, be sure to specify on which operating system
your answer is valid.
1) What is the first line of defense in system security?
2) What should be used to maintain the /etc/shadow file?
3) What is the default shell for the "root" logonid? What other shells
are acceptable for this logonid?
4) What is the function of the kernel?
5) Using the Bourne shell syntax, show the command that sets the PATH
environment variable to look in /usr/bin first, /usr/local/bin second,
and the current directory last.
6) Show the command to search for any files or directories with question
marks in their names.
7) Which of the following commands redirects output to a file?
rd somefile > test
cat somefile > test
cat somefile >> test
cat somefile | test
8) You are using "vi" to edit a file with multiple pages. Which command
will take you down one page the fastest?
9) What command do you use to quit "vi" without saving changes? q!
10) Which command do you use to display a directory listing of files,
including the file type?
11) What is the command to display on-line help for a unix command? man
12) To display a list of all manual pages containing the keyword "date", what
command would you type?
man -k keyword apropos
13) What command will display the first 10 lines of a file called "junk"? head
14) What file will tell you where system log files are being written (if any)? /etc/syslog.conf
15) What command displays a full listing of processes, including headers?
16) How do you terminate a process? kill -9 : KILL kill -15 : TERM kill -3 : quit
17) Using symbolic mode, add group write permissions to the file "junk".
Do the same using octal mode.
18) In the following, where does the output for standard error go?
/usr/lib/sendmail -OQueueSortOrder=host -oQ/var/spool/mqueue-8h \
-q >> /var/adm/log/mqueue-8h 2>&1
19) What is the command to check the available free disk space on all local
filesystems? Which operating environment does the syntax used apply to?
20) You have need to configure a new network client and have been given the IP
128.194.49.48 in the 128.194.48.0/23 subnet. You configure the machine
with that IP and set the default router as you were told but are not
getting packets or response to pings. What is probably wrong?
21) Describe the X Window system client/server model.
22) Please list and describe 2 or more authentication mechanisms when displaying
X applications on remote displays. Which one is "better" in terms of
security?
23) You added a line to /etc/aliases, but it doesn't seem to be working. Why?
24) You commented out a server in inetd.conf, but it's still active. Why?
25) What's a process? What's an inode? Describe the difference between a
symlink and a hard link.
26) Name as many shells as you can.
27) How do you plan to document changes to this environment?
28) You have a problem and you don't know how to solve it. Name all the
resources you can think of that you might consult.
29) What have you done recently that you particularly liked, or are proud of?
30) I have a file named 'dash fr' (-fr); how do I get rid of it?
# rm ./-thefile
31) Why did I just ask that question?
32) What's the difference between a library function and system call?
33) The command to see who is on the system is:
who
what
why
where who
34) Which commercial UNIX platform dominated the computer industry?
FreeBSD
Microsoft McUnix
Solaris
HP-UX
Linux
35) In which file is the default router address kept?
/etc/resolv.conf DNS
/etc/nsswitch.conf passwd/group in nis
/etc/hosts
/etc/defaultrouter
36) The first field in an /etc/passwd entry is:
The uid
The name
The gid
The home directory. uipd
37) According to POSIX.2, which of the following tests to see if file foo
exists and is readable?
test -f foo
test -r foo
test -w foo
test -x foo -f
38) According to POSIX.2, which option tells sort to compare the keys in a
case-insensitive manner?
-c
-f
-i
-v
39) The renice command may alter the priority of:
A single process
All process in a process group
All processes owned by a user
All of the above <---
40) To setup a master/slave NIS system such that the slave takes over lookup
requests when the master crashes:
run ypserv on the master; ypbind on the slave
run ypserv,ypbind on the master; ypset on the slave
run ypserv,ypbind on the master; ypserv,ypbind on the slave
run ypserv on the master; ypserv -s on the slave
41) You boot a client machine and attempt to mount an NFS drive from the
server. The NFS mount worked yesterday, and neither the server nor its NFS
export list has been modified since then. The mount command just hangs.
Where do you look for the problem?
42) Acceptable levels of bad nfs calls fall under what percentages?
10-15%
1-2%
45-55%
anything under 90%
43) When debugging a core in gdb, what does the command "bt" give?
the core memory
heap usage
the calling stack
44) Please describe the complete boot process for a Unix system (your choice,
but preferably Sun if known). Start at the moment the power switch is
turned on.
45) What is the main negative aspect of telnet/rshell/rlogin with respect to
security? Please list 2 or more mechanisms of overcoming that aspect.
46) How many devices can be attached to a SCSI/SCSI-2 bus? A "wide" SCSI bus?
47) A user performed a "cd;chmod 644 ." before logging out. What problem
occurs when they log in the next time, and what level of privilege is
required to correct the problem?
48) Please describe the path and types of programs that handle an e-mail message
starting from when a system receives the first packet of information until
the recipient reads it.
49) A customer has created a web page and complains that attempts to view
it result in "forbidden" messages. What is the main problem? Directory
listing is as follows:
# ls -al
total 240
drwxr-xr-x 2 joeuser other 8192 Apr 19 17:54 .
drwx------ 57 joeuser other 8192 Apr 16 14:13 ..
-rw------- 1 joeuser other 6311 Apr 19 17:50 back.xbm
-rw------- 1 joeuser other 9650 Apr 19 17:50 daemon.gif
-rw------- 1 joeuser other 11230 Apr 19 17:50 ferret.jpg
-rw------- 1 joeuser other 11925 Apr 19 17:50 giraffe.gif
-rw------- 1 joeuser other 32760 Apr 19 17:50 help.gif
-rw-r--r-- 1 joeuser other 967 Apr 19 17:46 index.html
-rw------- 1 joeuser other 3871 Apr 19 17:50 kewl.jpg
-rw------- 1 joeuser other 9018 Apr 19 17:50 luser.jpg
-rw------- 1 joeuser other 2143 Apr 19 17:50 news.gif
-rw------- 1 joeuser other 9055 Apr 19 17:50 noms.gif
-rw------- 1 joeuser other 3071 Apr 19 17:50 race.gif
-rw------- 1 joeuser other 3301 Apr 19 17:50 sailbot.jpg
-rw------- 1 joeuser other 10511 Apr 19 17:50 tamu.gif
-rw------- 1 joeuser other 19696 Apr 19 17:50 tsip.jpg
-rw------- 1 joeuser other 6376 Apr 19 17:50 unix.gif
-rw------- 1 joeuser other 2267 Apr 19 17:50 xray.gif
-rw------- 1 joeuser other 3858 Apr 19 17:50 zoom.jpg
50) What happens when you issue the following commands (as root):
# kill -1 1
# kill -1 -1
# init 0
# sync
# rm /dev/console

webservice, soap, wsdl,uddi

You may be curious about the distinction I make between marshaling and serialization, having seen the terms used interchangeably. I distinguish between them because with Web services different standards define the rules for the two processes. SOAP defines the rules for marshaling and encoding data into XML messages, but doesn’t specify how data is actually serialized across the interface. SOAP can bind to any protocol (usually either HTTP or Simple Mail Transport Protocol [SMTP]) for serialization, which means the specifications for those protocols actually define the serialization rules.

Literal: SOAP message doesn’t include data type; Under any literal style, the href attribute is not available

The fighters have STYLE:

RPC Style

The RPC style specifies that the <soap:body> contains an element with the name of the Web method being invoked. This element in turn contains an entry for each parameter and the return value of this method.

Document Style

The message parts appear directly under the <soap:body> element. There are no SOAP formatting rules for what the <soap:body> contains. The server application is responsible for mapping the server objects (parameters, method calls, and so forth) and the values of the XML documents.

What they are USEing:

Encoding

Each message part references an abstract type using the type attribute defined in Section 5.0. Applications using SOAP encoding are focused on remote procedure calls and will likely use the RPC message style.

Literal

Each part references a concrete schema definition using either the element or type attribute; in other words, data is serialized according to a given schema.